Wednesday, December 02, 2015

Another breach where the numbers have grown far beyond the initial estimate. My initial post on Nov. 28 quoted, “nearly 5 million parents and more than 200,000 children.”
6.4m kids - Vtech hack in numbers
Children's toy company Vtech announced it was hacked last week - with millions of children's accounts accessed.
The stolen data includes names and addresses, as well as, reportedly, pictures and chat logs.
Vtech says it is still investigating the full extent of the hack.
On Tuesday, the company shared more information about the breach.
It admitted: "Our database was not as secure as it should have been."
Here's what we now know:
6,368,509 children's accounts affected
4,854,209 parental accounts accessed
Countries most affected:
- USA (2,894,091 children)
- France (1,173,497)
- UK (727,155)

In total, 16 "countries" are affected - Vtech lists Latin America as a single country, so the actual number is unclear.

If someone is pretending to be China, should we expect the Chinese to track them down and stomp on them? Would the US do that?
Chris Uhlmann reports:
China is being blamed for a major cyber attack on the computers at the Bureau of Meteorology, which has compromised sensitive systems across the Federal Government.
Multiple official sources have confirmed the recent attack, and the ABC has been told it will cost millions of dollars to plug the security breach, as other agencies have also been affected.
The bureau owns one of Australia’s largest supercomputers and provides critical information to a host of agencies.
China denies any involvement in the attack:
“As we have reiterated on many occasions, the Chinese government is opposed to all forms of cyber attacks,” Chinese foreign ministry spokeswoman Hua Chunying said.
Read more on ABC (AU).

(Related) Something for my Computer Security students to ponder.
Chased by the Dragon: Containment is the New Detection
... Visiongain estimates today’s cybersecurity market to be worth $75B worldwide and Gartner estimates it will grow to $100B+ by 2018, a CAGR of roughly 10 percent. Contrast that with overall IT spending, which is crawling along with an annual growth rate in the low single digits.
Perhaps the singular focus on detecting cyber incursions is not the answer.
Perhaps a coequal focus on containing attacks after they occur is equally as important.
If we have learned one thing in the past few years, relying exclusively on detection technologies such as IDS and APT will cause significant problems. We must also look at how attacks spread laterally and remain active over extended periods of time, especially in data center and cloud environments. It is now time to prioritize visibility and containment, augmenting the priority of looking for suspicious and anomalous communications to the attack surface.
A recent SANS Institute survey, The State of Dynamic Data Center and Cloud Security in the Modern Enterprise Survey and Research Report, underscores that most IT professionals are unhappy with the level of visibility and containment provided by the traditional tools they use to monitor traffic between data centers and internal or external clouds. Nowhere is this more evident than in the time these technologies take to stop and contain breaches: fewer than 50% of breaches are detected and contained within 24 hours.

It is hard to explain technology to juries, particularly when lawyers try to do it.
Molly Willms reports on a case before the U.S. Supreme Court that touches on “exceeding authorized access” under CFAA:
The confusion that plagued a jury in a computer hacking trial has followed the case all the way to the U.S. Supreme Court, where hypotheticals and technical questions abounded during oral argument Monday.
Michael Musacchio was convicted in May 2013 of one felony count of conspiracy to make unauthorized access to a protected computer and two felony counts of hacking. He was sentenced to 63 months in prison.
The jury in Musacchio’s case received the erroneous instruction that it had to find proof that he had accessed a private computer without authorization and exceeded his authorized access, according to the Fifth Circuit ruling. The jury found him guilty on all three counts, after which he claimed that the government failed to prove both elements of the charge as it was explained to the jury.
Read more on Courthouse News. The transcript of yesterday’s oral argument can be found here (pdf).

As if Greece didn't have enough problems.
Ashley Carman reports:
Three unnamed Greek banks are the most recent victims of an extortion campaign in which a hacker group is attempting to fully take down their websites. The group, calling itself the Armada Collective, apparently made its first demand on Thursday of last week, at which point it also launched the first of its distributed denial-of-service (DDoS) attacks. Those attacks succeeded in disrupting transactions at every bank, the Financial Times reported. DDoS attacks overload websites’ servers in an effort to take them fully offline, and the Armada Collective has a set price to stop its efforts: each bank must pay 20,000 Bitcoin, or $7,208,200. The financial institutions aren’t bending under pressure, however, and are instead strengthening their DDoS defenses. Greece’s central bank and its police electronic crime unit are also monitoring the banks’ computer systems.
Read more on The Verge.

Something for my Computer Security students to debate. I include this because I don't agree with all of his points.
The Moral Character of Cryptographic Work
by Sabrina I. Pacifici on Dec 1, 2015
The Moral Character of Cryptographic Work, Phillip Rogaway, Department of Computer Science, University of California, Davis, USA. December 1, 2015
“Cryptography rearranges power: it configures who can do what, from what. This makes cryptography an inherently political tool, and it confers on the field an intrinsically moral dimension. The Snowden revelations motivate a reassessment of the political and moral positioning of cryptography. They lead one to ask if our inability to effectively address mass surveillance constitutes a failure of our field. I believe that it does. I call for a community-wide effort to develop more effective means to resist mass surveillance. I plea for a reinvention of our disciplinary culture to attend not only to puzzles and math, but, also, to the societal implications of our work.”

Advanced research on potential Ad targets?
Google Deceptively Tracks Students’ Internet Browsing, EFF Says in FTC Complaint
San Francisco—The Electronic Frontier Foundation (EFF) filed a complaint today with the Federal Trade Commission (FTC) against Google for collecting and data mining school children’s personal information, including their Internet searches—a practice EFF uncovered while researching its “Spying on Students” campaign, which launched today.
… Google’s practices fly in the face of commitments made when it signed the Student Privacy Pledge, a legally enforceable document whereby companies promise to refrain from collecting, using, or sharing students’ personal information except when needed for legitimate educational purposes or if parents provide permission.

Would it be worth creating a false phone “trail?” Probably not. But automating the process will reduce cost.
Lending Startups Look at Borrowers’ Phone Usage to Assess Creditworthiness
A handful of Silicon Valley-backed startups are looking to revolutionize lending in the developing world, where banks are scarce and many would-be borrowers have no credit history.
Their strategy: Show me your smartphone, and my app will find out how creditworthy you are.
Smartphones can dramatically reduce the cost of lending, experts say, because the apps they run generate huge amounts of data—texts, emails, GPS coordinates, social-media posts, retail receipts, and so on—indicating thousands of subtle patterns of behavior that correlate with repayment or default.
The loans average $30, enough for a taxi driver to pay for gas or a fruit seller to stock up on produce. Branch charges between 6% and 12% interest—based on the borrower’s creditworthiness—and loans are usually repaid between three weeks and six months later.

We're thinking of a 3D printer class. Could be fun!
Gartner Predicts 2016: 3D Printing Disrupts Healthcare and Manufacturing
Strategic Planning Assumption: By 2019, 10% of people in the developed world will be living with 3D-printed items that are on or in their bodies.
Strategic Planning Assumption: By 2019, 3D printing will be a critical tool in over 35% of surgical procedures requiring prosthetic and implant devices (including synthetic organs) placed inside and around the body.
Strategic Planning Assumption: By 2019, technological and material innovation will result in 10% of counterfeit drugs and pharmaceuticals being produced with 3D printers.
Strategic Planning Assumption: By 2019, 10% of all discrete manufacturers will be using 3D printers to produce parts for the products they sell or service.

Are you ready for any of these? Infographic.
Have The Coolest Home On The Block With These Gadgets

A number of interesting graphs to share with my Statistics students. I really like the “CORRELATION vs. CAUSATION” graph. Might be fun to try a few myself.
Our Favorite Examples Of How The Internet Talks
About two weeks ago, we published our Reddit Ngram interactive — a tool that lets you search for any term to see how frequently it has been used in Reddit comments since late 2007. And readers (plus a few FiveThirtyEighters) have been sharing some interesting findings, especially on Twitter and, of course, Reddit. Below are some of our favorites so far.

Cellphone-only homes becoming the norm, CDC finds
New statistics from the Centers for Disease Control and Prevention (CDC) released Tuesday found 47 percent of homes only use cellphones and do not have a landline phone.
That is about 5 percentage points higher than homes that use both wireless and landline phones, which still represent 41 percent of households.
… Pollsters are most likely to see wireless-only homes among individuals aged 24-34, where 68 percent to 71 percent only use cellphones. About 85 percent of adults living with nonrelated roommates live in a cellphone-only house. Renters are also far more likely than homeowners to only use cellphones.
The CDC has asked the telephone question since 2003 to help it along with health-related survey research.

For all my students, Computer Security in particular.
5 Best Free Internet Security Suites for Windows
As a Windows user, you have three possible paths when it comes to system security: use the built-in Windows Defender, install third-party security software, or ignore security altogether (the last option isn’t possible on Home versions of Windows 10). The path you take is crucial.
In our piece on important facts about Windows Defender, we noted that Windows Defender is good enough for most users — but do you really want to settle for “good enough” when your security is at stake? Seems like an unnecessary risk to take…
So here are five of the best free security suites for Windows, all of which offer anti-virus, anti-malware, and real-time protection features. Some of these lack firewall functionality, but you can always supplement with a free third-party Windows firewall.

Something for all of our business students. (Remember to “tip” your professor with 1% of your founders' stock.)
Free eBook: ‘Startup Best Practices from 15 Serial Entrepreneurs’
… Today, we have a free eBook called “Startup Best Practices from 15 Serial Entrepreneurs” that will teach you about starting a business from the past experiences of the people who have seen it all.
… To redeem your copy and download the free eBook, just head over to this page and sign up for a free account. The process will take just a few seconds, and then you will be sent an email with a link to download a free copy.

Handy for my niece who is doing a semester abroad in Chile.
How to Make Free Calls to Any U.S. Number From Anywhere
Turn to Google Voice. Whether you’re in Brazil or Ireland, all you need is an account in order to make free calls to the United States and Canada. The most common method is to call through the PC app, but calls can also be made with both the Google Voice and Google Hangouts apps on Android.
As of now, Google calls are limited to 3 hours in duration, but there aren’t any restrictions on how many times you can redial the same number.
… You can try these free apps for calling to the U.S. as well.

Another tool for students.
GrammarFlip - Online Grammar Lessons for Students
GrammarFlip is a free service that offers an extensive set of grammar lessons. The basic format of the lessons in GrammarFlip is a video and slideshow followed by a couple of review exercises. The content of the video is based on the slideshow. The video in the lesson is essentially a narration of the slides. The review exercises in GrammarFlip lessons are a mix of multiple choice questions and fill-in-the-blank questions.
Teachers can register on GrammarFlip and create online classrooms. Once you have created a classroom on GrammarFlip students can join it by entering an access code that you assign to the room. Within your GrammarFlip classroom you can distribute lessons and track your students' progress on the lessons that you have assigned to them.

For my next batch of IT Governance students,
Corporate Governance in the Age of Cyber Risks

How to Quickly Find Your Lost Mouse Cursor on Every OS
For Windows users: Search for Mouse in the Start menu, and switch to the Pointer Options tab. At the bottom, check the box for Show the location of the pointer when I press the Ctrl key. Now, anytime you can’t find your cursor, just tap either Ctrl key and a ring will pulse around your cursor to help you find it.